CVE-2024-20488
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Summary
CVE-2024-20488 is a vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME), which allows an unauthenticated, remote attacker to perform cross-site scripting (XSS) attacks. The flaw arises from improper validation of user-supplied input, enabling attackers to trick users into clicking malicious links that could execute arbitrary scripts or access sensitive information. Affected products include a wide range of Cisco Unified Communication systems. To remediate this vulnerability, users are advised to apply the security patches provided by Cisco as outlined in their advisory. This vulnerability poses a medium severity risk, requiring user interaction for exploitation but potentially compromising sensitive browser-based data if successfully executed.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.